DETAILED ACTION

This action is responsive to Amendment filed on January 21, 2009. 
Claims 1, 2, 4-28, 34, 35, 37-42, 44-50 are pending.

Claim Rejections - 35 USC § 102 

1. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by
another filed in the United States before the invention by the applicant for patent or (2) a patent
granted on an application for patent by another filed in the United States before the invention by the
applicant for patent, except that an international application filed under the treaty defined in section
351(a) shall have the effects for purposes of this subsection of an application filed in the United States
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

2. Claims 1, 2, 4-28, 34, 35, 37-42, 44-50 are rejected under 35 U.S.C. 102(e) as
being anticipated by US Patent Pub. 2002/0083342 by Webb et al (hereinafter Webb).
Webb teaches the invention as claimed including access and registry servers to provide
secure access to clients (see abstract).

As per claims 1, 34 and 39 Webb teaches a method, system and computer-executable 
program code for accessing resources on a private network via an intermediary server said 
method comprising (abstract): 

receiving a login request from a user for access to the intermediary server 
(abstract; the gateway receives a login request); 

accessing an external authentication server to authenticate the user in response 
to the login request (see abstract; the gateway authenticates the client); 

receiving a resource request from the authenticated user at the intermediary
server (see abstract; the gateway receives a request from the client to access a Web
server of a device on the network), the resource request requesting a particular
operation with respect to a resource from the private network (see abstract; the gateway
receives a request from the client to access a Web server of a device on the private
network);

obtaining access privileges for the authenticated user in response to the resource 
request (abstract; the client gets information about its access rights from the gateway); 

determining whether the access privileges for the authenticated user permit the 
authenticated user to perform the particular operation at the private network (devices 
which the user has access to are identified), and 

preventing, by the intermediary server, performance of the particular operation at 
the private network if the access privileges for the authenticated user do not permit the 
authenticated user to perform the particular operation at the private network (user is 
prevented from accessing Web servers for which the user does not have access rights 
by gateway). 

As per claims 19 and 44, Webb teaches a method for providing remote access to 
a private network via an intermediary server, said method comprising (abstract): 

receiving a login request from a remote user for access to the intermediary 
server (abstract and summary; the gateway receives a login request); 

determining whether the remote user is permitted access to the intermediary
server based on the login request (see abstract and summary; the gateway 
authenticates the client); 

granting the remote user access to the intermediary server if remote user is 
permitted access to the intermediary server, the granted access carrying access 
privileges to a portion of the private network (see summary; devices which the user has 
access to are identified); 

receiving a resource request from the remote user at the intermediary server if 
the remote user is granted access to the intermediary server, the resource request 
requesting a particular resource on the private network (see abstract and summary; the 
gateway receives a request from the client to access a Web server of a device on the 
network); 

accessing an external authentication server to determine whether the resource 
request from the remote user is permitted by the access privileges (see summary; 
devices which the user has access to are identified) 

supplying the particular resource to the remote user through the intermediary 
server if the resource request from the remote user is permitted by the access privileges 
(see abstract and summary; Web servers are accessed by the user if permitted by the
gateway based on access rights); and 

denying the remote user from access to the particular resource by the 
intermediary server if the resource request from the remote user is not permitted by the 
access privileges (user is prevented from accessing Web servers for which the user
does not have access rights by gateway). 

As per claims 2 and 35, Webb teaches the method of claim 1, where the
particular operation is one of a file access operation or an email operation (see
abstract).

As per claim 4, Webb teaches the method of claim 1, where the external
authentication server is within the private network (Fig. 4, and par. 0047).

As per claims 5 and 37 Webb teaches the method of claim 1, 34 and 51 where
the intermediary server stores the access privileges for a plurality of users (abstract and
summary).

As per claim 6, Webb teaches the method of claim 1, wherein the
intermediary server stores an authentication identifier for each of a plurality of users, the 
authentication identifier identifying an external authentication server to be used to 
perform said authenticating (See abstract and summary). 

As per claim 7, Webb teaches the method of claim 6, where the external
authentication server is within the private network (Fig. 1-5).

As per claim 8, Webb teaches the method of claim 7, where the authentication
identifier comprises a network address for the external authentication server (Fig. 1-5
and summary).

As per claim 9, Webb teaches the method of claim 1, where the resource request
is from a client-side application running on a client machine (summary and Fig. 1-5).

As per claim 10, Webb teaches the method of claim 9, where the client side 
application is one of a web browser, an email application or a file access application 
(par. 0019-0024). 

As per claim 11, Webb teaches the method of claim 1, where the user is a
remote user (Fig. 1).

As per claims 12 and 38, Webb teaches the method of claim 1, where the
resource request is from a client-side application running on a remote client machine
(Fig. 1-5).

As per claim 13, Webb teaches the method of claim 1, where the private network
is an intranet or other network (Fig. 1 and summary).

As per claim 14, Webb teaches the method of claim 1, where the resource
request is from a network browser (Fig. 1).

As per claim 15 Webb teaches the method of claim 1, where said method further 
comprises: performing the particular operation at the private network to determine a 
response to the resource request if the access privileges for the authenticated user 
permit the authenticated user to perform the particular operation at the private network 
(abstract and summary). 

As per claims 16 and 40, Webb teaches the method of claim 1 and 34, where 
the authenticated user has an Internet Protocol (IP) address, and wherein said 
determining if the access privileges for the authenticated user permit the authenticated 
user to perform the particular operation comprises: 

determining whether the access privileges for the authenticated user permit the 
authenticated user to perform the particular operation at the private network (abstract 
and summary); and 

determining whether the IP address is authorized (Fig. 1-5)

As per claims 18 and 42, Webb teaches the method of claim 17 and 40, where
the access privileges comprise permitted operations, authorized IP addresses, and
time-of-day restrictions for the authenticated user (summary).

As per claims 20 and 45, Webb teaches the method of claim 19, where said
supplying the particular resource comprises:

retrieving the particular resource from a content server (Fig. 1);

modifying at least one URL within the retrieved particular resource (column 11,
lines 55-67); and

sending the modified particular resource to the remote user (see summary) 

As per claims 21, 23, 46 and 48 Webb teaches the method of claim 19, where
said supplying the particular resource comprises: 

obtaining a response for the particular resource (abstract); 

modifying the response so that links within the response point to the intermediary 
server (summary); and 

sending the modified response to the remote user (summary). 

As per claims 22 and 47, Webb teaches the method of claim 19, where said 
supplying the particular resource comprises: 

determining a host name for a remote server hosting the particular resource 
being requested (summary); 

sending a request for the particular resource to the remote server based on the 
determined host name (Fig. 1-5); and 

receiving, at the intermediary server, a response to the request from the remote 
server (abstract). 

As per claim 24 and 28, Webb teaches the method of claim 19, where the private
network is an intranet (par. 0022).

As per claim 25, Webb teaches the method of claim 19, where the resource
request is from a network browser (par. 0028).

As per claims 26 and 49, Webb teaches the method of claim 19, where the 
resource request is from a client-side application operating on a remote client machine 
(Fig. 1-5). 

As per claims 27 and 50, Webb teaches the method of claim 26 and 44, where
the client-side application is selected from the group consisting of: a web browser, an
email application or a file access application (par. 0028 - 0036).

As per claim 37, Webb teaches a computer readable memory device of claim 34 where the 
intermediary server stores the access privileges for a plurality of users (summary), and 

where the intermediary server stores an authentication identifier for each of a 
plurality of users, the authentication identifier identifies the external authentication 
server to be used to perform authentication (Fig. 1-5 and summary).

As per claims 17 and 41, Webb teaches the method of claim 6 and 40. Webb
teaches wherein said determining if the access privileges for the authenticated user
permit the authenticated user to perform the particular operation further comprises:
determining whether time-of-day restrictions are satisfied (summary and body) 

It is noted that any citation to specific pages, columns, lines, or figures in the
prior art references and any interpretation of the references should not be
considered to be limiting in any way. A reference is relevant for all it contains and
may be relied upon for all that it would have reasonably suggested to one having
ordinary skill in the art. In re Heck, 699 F.2d 1331, 1332-33, 216 USPQ 1038, 1039
(Fed. Cir. 1983) (quoting In re Lemelson, 397 F.2d 1006, 1009, 158 USPQ 275, 277
(CCPA 1968)).

Response to Arguments 

1. Applicant's arguments filed January 21, 2009 have been fully considered but they
are not persuasive. The applicant argues that the reference fails to teach "accessing an 
external authentication server to authenticate the user in response to the login request". 
The examiner disagrees. The claims fail to specify that the external authentication 
server is external to what and that the intermediate device cannot be the external 
server. The claims broadly claim "accessing an external authentication server to 
authenticate the user in response to the login request". The gateway disclosed in the 
reference is external to multiple devices and systems, thus reads on the claimed 
limitations. Moreover, the applicant argues that since the gateway is equated to the
intermediate server, it cannot be the external server. There is nothing in the claims that
prevents the gateway from being equated to both since it performs all the functionality of 
both. 

In regards to claim 4, the applicant argues that the external authentication server 
is within the private network and the reference fails to teach this. The examiner 
respectfully disagrees. As recognized by the applicant on page 19 of the Remarks, the
gateway is a part of the private network. In addition, the applicant argues that the
reference fails to teach that "an external authentication server to perform the authentications"
on page 19 of the Remarks. The examiner respectfully disagrees. The gateway of the
reference is external and it authenticates (see Fig. 4, and par. 0047).

It is noted that examiner does not recall having an interview with the applicant in 
regards to the finality of the previous actions and there is no interview summary on the
record from the examiner or the applicant. If the applicant has communicated with 
Examiner Trujillo, there is nothing in the record to show this. 

Conclusion 

2. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of
the advisory action. In no event, however, will the statutory period for reply expire later
than SIX MONTHS from the date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SAHERA HALIM whose telephone number is (571) 272-4003.
The examiner can normally be reached on M-F from 8:30-5:00.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ario Etienne, can be reached on (571) 272-4001. The fax phone number for
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



Sahera Halim 

Patent Examiner 

/Salad Abdullahi/ 

Primary Examiner, Art Unit 2457 



